Patches and updates, Things that are bad, Windows, Windows 11

Dear Microsoft: stop screwing with my computer

Leave a comment

At one point, not many years ago, we had control over our own Windows computers. Microsoft has ripped that control from us gradually, and with Windows 11, not only does Microsoft decide which patches your computer needs, it also decides when to install them, and when to restart your computer to complete them.

Sure, there are ways to regain some control. Updates can be delayed, and restarts can be scheduled. But that’s only if you’re running the more expensive versions of Windows.

Various update-induced nightmares

Power settings reverted

I’ve never seen a satisfying explanation for why this keeps happening on computers I manage.

I suppose it’s possible that Microsoft is trying to be a good citizen, and tell the billions of Windows computers it effectively manages to go to sleep when they are no being actively used.

Sure, that saves power. And sure, most of the time a sleeping computer is just slightly annoying to its user. But the Windows sleep feature isn’t exactly reliable. Most power users leave it permanently disabled because it just causes too many problems.

It’s also a huge problem for computers that are mainly used remotely. When a remote Windows PC goes to sleep, it becomes impossible to access remotely. Someone has to go to the computer physically and hit the keyboard to wake it up.

Sure, there’s technology to get around this, such as Wake-On-LAN. But I have yet to see WOL work reliably on any Windows computer where I’ve tried it.

Incidentally, this exact scenario recently happened to me (again), and there was no way to access the remote PC until the business reopened two days after I needed remote access.

Default apps revert to Windows defaults

This has happened on Windows computers I manage more times than I can remember. There’s no pattern to it. I would almost prefer if this happened after every update, because then I would know that I always have to reset them.

It’s no coincidence, I’m sure, that the defaults involve setting up Microsoft apps to open everything. Nothing to do with the fact that a lot of those defaults involve opening files in Edge, and the fact that Edge is basically hated by everyone and used very little, at least intentionally.

Worse still, Microsoft has made it increasingly difficult to change these settings. The latest user interface is awful. And it’s now effectively impossible for an application to make itself the default for specific file types. Apps typically now have a message apologizing for not being able to make those changes, and telling the user that they have no choice but to use the crappy Windows interface.

Resetting all the default apps on my Windows 11 computer takes about an hour. I’ve spent a lot of time testing applications, and have settled on a collection that works very well for me. Very few of them are Microsoft apps. I have to keep notes about it, because I can’t remember all of the details.

Updates and reboots interrupt critical processes

You’ve probably heard the stories about people giving important presentations, only to be interrupted by updates and reboots. It’s even happened to Microsoft executives.

Microsoft has tried to improve this, offering to only install updates and reboot after hours, but those settings are far too limited.

Updates are not properly tested

Those other problems are annoying and problematic, but they pale in comparison with those times when Microsoft’s Windows update ineptitude has caused major outages around the world. There have been estimates about how much these problems have actually cost in terms of lost productivity, and the numbers are significant.

Of course, every time this happens, Microsoft says it was impossible to predict, and that it will never happen again. Here’s a suggestion, Microsoft: try testing updates properly before foisting them on millions of innocents users.

Conclusion

So hey, Microsoft. Kindly fuck all the way off with this bullshit. Linux looks better all the time.

Generative AI, Tools

Generative AI tools: enjoy them while you can

Leave a comment

I’ve enjoyed playing around with generative AI tools like ChatGPT and the new, generative features of image editors. I used ChatGPT to generate most of the definitions on this site (which I carefully reviewed and approved before posting). I even tried a code generator, though the code proved unusable.

But there’s a problem with all these technologies: they’re expensive. It takes a lot of processing power to run these tools. You don’t notice this, because when you ask MS Paint to generate an image, your computer’s fans don’t even speed up. That’s because the real work is always done on a remote computer, or multiple computers, owned by an AI company or some other large company that’s bought into the current AI craze.

Okay, so what? As long as I don’t have to pay for it, why should I care how much processing power is required? First of all, the companies that are are paying for all that work are currently subsidizing it; they are betting enormous amounts of money that these tools are here to stay. Some of them are charging users for their services, but so far none of them are making anywhere near what they’re spending. That’s not sustainable, and eventually they will need to either start recovering their costs, or discontinue their services.

We are starting to see advertising in generative AI services, and while that may offset the costs of running an AI data center to some degree, I doubt ads will come close to paying for all of that infrastructure and energy.

The second problem is that the processing power required by generative AI uses a lot of energy. Like, huge amounts of energy. You don’t see that, but it’s one reason generative AI services are so expensive to operate. Big companies are building huge new data centers just to host generative AI services. And they’re using incredibly large amounts of energy to power them. That’s not going to change, and at some point, government and industry regulators are going to start making noise about it. When an industry uses a lot of energy, regulators uses various methods to curb the excess, including taxes. I predict that governments will start taxing AI companies, which will make generative AI even more expensive.

So again, at some point, companies providing generative AI services will have to recover their ever-increasing costs. There are a few ways to do that, but the most obvious one is to start charging for those services, or to start charging a lot more. That will kill demand for those services, and eventually only organizations with very deep pockets will be able to afford them. At that point, the generative AI bubble will burst, and will fade into the background, just another tech fad that amused us for a while.

The other major issue with generative AI is legality. All generative AI uses existing media, much of which is obtained from public sources. The legal fights about this have only just started, and will only get worse as service providers start trying to make money from what is basically the work of other people. It will be interesting to watch as an outsider, and will keep copyright lawyers working for years.

NVIDIA

NVIDIA manufactures the processing chips that power generative AI. At this point I think the smart move would be to start short-selling NVIDIA stock, the value of which is currently skyrocketing, based on an assumption that generative AI is here to stay. When the NVIDIA stock tanks after this AI craze, anyone brave enough to short it will make enormous amounts of money.

Conclusions

Of course, it’s always possible that there will be a breakthrough in processing power, or the associated power requirements, and if that happens soon enough, my predictions could end up being way off. But it would need to be a big breakthrough, and that doesn’t seem likely.

So, enjoy these interesting AI tools while they last. Just don’t count on being able to afford using them in a few years. If you’re a writer, artist, or programmer who depends on generative AI tools for your livelihood, you are heading for trouble.

UPDATE 2026Mar06: here’s a fascinating ‘interview’ with the Claude chatbot, in which the human interviewer asks a series of questions about the financial realities of Nvidia’s stock price, and the viability of AI-powered services. Claude is not optimistic.

UPDATE 2026Apr22: Kyle Kingsbury recently published a lengthy analysis of what’s going on with LLMs and related technologies, and it’s a doozy. Highly recommended. The Future of Everything is Lies, I Guess (Bullshit About Bullshit Machines).

Email, Internet crime, Phishing, Spam and scams, Things that are bad

Reminder: view email as plain text

Leave a comment

Security professionals have been saying it for years. The specific dangers associated with email have changed during that time, but the advice remains valid, and applies to everyone who uses email.

While styled text in emails looks nice, and can increase readability, those benefits are massively outweighed by the associated risks.

I’ve been viewing all incoming email as plain text since I worked at the help desk of a major Canadian university. I saw first hand the damage that could be done with malicious email.

This morning, I received a phishing email that once again reinforced this old, but solid advice.

The Phish

Here’s what the email looks like when viewed in HTML mode, which renders underlying code as styled, formatted text:

The phishing email, rendered in HTML mode by Outlook.

Looks legitimate, at first glance. Upon closer inspection, the ‘From’ address is clearly unrelated to the supposed sender. It’s a long, randomly-generated string of characters, followed by ‘@news.alampat.com’. The long string of random characters may be designed to push the sender’s domain (news.alampat.com) off the screen on some devices. The domain itself doesn’t even exist.

Other than that, nothing suspicious stands out.

Savvy email users also know that you can usually hover the mouse pointer over a button or link, to show the web address hidden behind it. Doing that for this email reveals that clicking the ‘Update Billing Info’ button will send your web browser to: randomtext.valenciaacademy.com.br/randomtext?randomtext-randomtext==

Analysis of the actual address using the amazingly useful site scanner at urlscan.io shows a fake Shaw webmail login page, which looks identical to the actual Shaw webmail login page.

If you clicked the button in the phishing email, you would arrive at this legitimate-looking login screen. If you then entered your Shaw email username and password, the phish would be successful: the perpetrators would have the login ID and password for your email account. Your account could then be used for anything, up to and including identity theft.

Now, here’s what I saw when I opened the same email, which again, I see as plain text because I’ve configured Outlook that way:

The plain text version of the email. Obviously phishy.

It’s immediately obvious that many important words in the email have been partially obfuscated by inserting garbage characters. These characters are hidden in the HTML view. The web address associated with the ‘Update Billing Info’ button is also shown clearly. And that’s the problem, or rather one of the problems, with viewing email in rendered HTML mode: information is hidden from your view.

If you don’t mind the idea that the email you open includes hidden — and potentially very dangerous — information, I guess you can keep running that risk. But I cannot recommend it.

Take a few minutes to look at your email application’s settings. It should have an option to display all email as plain text. Enable that to improve your email safety.

Microsoft, Patches and updates, Things that are bad, Windows 10

Microsoft update adventures

Leave a comment

Yesterday I fired up my media PC, booting to Windows 10, to watch some episodic visual media (you know, TV shows) that we refer to as ‘comfort food’ around here.

Imagine my surprise when instead I saw a series of weird dialog boxes pop up on the screen, many of which were blank. Was it some kind of malware? Nope, it was Microsoft Copilot, trying to install itself and going berserk.

I tried following the prompts I was able to see, but those just led to more dialogs, including prompts for a PIN code that I don’t normally use when logging in. On that computer, I had previously given in to Microsoft’s increasingly strident demands that I use a Microsoft account to log in. So the PIN prompt was confusing.

I wish I had taken video of the whole thing. It was both comical and horrifying. My roommate looked on while I tried in vain to close blank dialogs that kept recreating themselves.

Eventually I recognized the Copilot logo on the taskbar for some of these dialogs, and caught enough of one briefly-flashed message to realize that this was Copilot, apparently attempting to install itself.

. . .

Windows 10 marked a major change in the way Microsoft updates the operating system: basically, updates are pushed to your computer whether you want them or not. You can delay them, sort of, but you can never stop them completely.

I have serious misgivings about that, but also about Microsoft’s decision to push Copilot to PCs running a version of Windows that won’t even be supported in a few months. Windows 10 support will end in October of 2025.

. . .

Anyway, once I realized that the barf being spewed in my face by Microsoft was related to Copilot, something in which I have zero interest, I started killing tasks. The ensuing game of whac-a-mole went on for a few minutes before I finally won, and the insane dialogs stopped appearing.

I then proceeded to remove Copilot-related garbage from the Startups list, which I later confirmed did in fact stop this mess from occurring again at the next startup.

That was half an hour of my life that I will never get back. Thanks, Microsoft!

Luckily, I was only booting to Windows on my media PC temporarily, while working on a minor problem with Linux Mint on the same PC. I’ve now gone back to using Linux Mint, and I really hope I never have to boot to Windows 10 again.

. . .

Ever since Microsoft throttled back their own update testing, instead relying on problem reports from canaries (literally how Microsoft refers to people who opt in to receive Windows updates early), the number of problems resulting from updates has increased sharply (full disclosure: I only have anecdotal evidence of this).

Here’s another example of Microsoft update fun: a couple of weeks ago, Outlook stopped working on all PCs at a client’s location. After a lot of troubleshooting, it eventually became clear that a recent Microsoft update had hosed Office. The Office ‘repair’ function fixed most of the PCs, but on one, Office had to be reinstalled completely. Frustrating, annoying, and totally unnecessary.

Come on, Microsoft. You used to be just kind of shitty. Now it seems like you actively hate your users.

Bing, Microsoft, Search

Is this the Google search page?

Leave a comment

The folks at Microsoft are once again demonstrating their creativity in thinking up ways to trick people into using its web search service, Bing.

There’s an old joke about Internet Explorer that was never funny for Microsoft, because it was mostly true: that people only ever used the now-obsolete web browser to download the browser they want to actually use (Firefox, Chrome, etc.) When first installed, most versions of Windows configured Internet Explorer as the default browser. People who wanted to install a different browser were forced to use IE to download that other browser. Once that other browser was installed, the user would make it the default, and never see IE again.

Microsoft has been spanked for forcing their browser on Windows users, and as a result, their efforts along those lines are increasingly sneaky.

The most recent trick involves a special search results page that shows up in Bing (which is typically now the default browser for new Windows installs). When a user searches for ‘google’ in Bing, the results page has more than a passing resemblance to the default Google search page. Presumably Microsoft expects some people to assume they’ve found Google search and use the non-Google search page to perform subsequent searches. But of course they would still be using Bing.

Screen shot of Bing search results page for a 'google' search.
It does look like the Google search page, at first glance.

If you try searching for Google in Bing search, you’ll notice that the tricky results page automatically scrolls down a few lines, which effectively hides the Microsoft Bing header at the top of the page, and makes the trickery more difficult to spot. That also confirms that this is intentional. You can see the hidden content by scrolling back to the top of the page.

Screen shot of Bing search results page showing Microsoft header.
Scrolling up shows the Microsoft and Bing header info.

Microsoft is dancing right up to the edge of the danger zone here, and I admit to being somewhat impressed by this latest trick. They’re not actually pretending to be Google search, which would clearly be a problem. They’ve just done enough visually to make a user think that they’re using Google search, when in fact it’s anything but.

The fact that search alternatives like Bing and DuckDuckGo exist belies the notion that Google has an actual search monopoly. But Google’s dominance is so large, that it must be very frustrating to Microsoft. In a way I don’t mind these tricks, because tiny upstart Microsoft is just doing what they can to compete. But in the end, I have to officially take exception, because no user interface should ever be made to fool the user, unless of course we’re talking about an actual game.

Please do carry on with these shenanigans, Microsoft. They are very entertaining, and they give us something amusing to write about.

UPDATE 2025Jan15: And just like that, Microsoft removed the fake Google Search page from ‘google’ Bing search results pages.

Things that are bad, Windows

Crowdstrike update kills millions of Windows computers worldwide

Leave a comment

If you don’t have Crowdstrike security software on your Windows 10+ computers, you’re one of the lucky ones, along with folks running Linux or macOS.

If you do run Crowdstrike on Windows, this is a bad day, because manual, in-person intervention is the only way to get past the infinitely-looping Blue Screen Of Death affecting millions of computers this morning.

Of course, even if you’ve managed to avoid Crowdstrike on Windows, you’re likely to be affected by this bug, because there’s a good chance that services you use are going to be dealing with it today, and in the meantime will be unusable. That includes 911 call systems, airlines, healthcare providers, and banks.

What happened?

In the early hours of July 19, Crowdstrike pushed out an update for its security software. Crowdstrike client software on millions of computers dutifully applied the update, and the nightmare began.

Microsoft’s advice is apparently to try rebooting affected computers… up to 15 times. Apparently, eventually Windows figures out something is wrong and reverts the problematic update. Or possibly Windows runs long enough to download and install the fixed update from Crowdstrike. I don’t know if this is serious advice or not.

IT folks who manage hundreds or even thousands of affected computers are going to have a very bad day. It will be even worse if those computers are using full disk encryption. Some people are opting to recover from backups, but that gets tricky when encryption is used.

The part that really bugs me about this mess is that Crowdstrike staff clearly did not test the problematic update at all before pushing it out. If they had tested it even once, the problem would have been revealed.

Crowdstrike’s stock is apparently tumbling today, and I’m okay with that, because it will provide ample motivation for the company to improve its testing process.

In the meantime, it might be a good idea to take the next few days off, cancel travel plans, and pick up a good book. Unless you’re an IT person, in which case you’re going to be very busy today.

More about this from The Verge.

Brian Krebs reports on the problem.

Followup analysis from The Verge.

A new recovery tool from Microsoft can help with remediation efforts.

Crowdstrike’s Remediation and Guidance Hub.

Definitions, Windows

What is the Blue Screen of Death?

Leave a comment

The Blue Screen of Death (BSoD) is an error screen displayed on a Windows computer system after a fatal system error, also known as a system crash. This error occurs when the operating system reaches a condition where it can no longer operate safely, such as a critical system process failure or hardware failure. Here are some key points about the Blue Screen of Death:

1. Appearance: The BSoD typically displays a blue background with white text, detailing the nature of the error. Modern versions of Windows also show a sad face emoticon and a QR code for quick reference to the error details.

2. Causes:
Hardware Issues: Problems with hardware components such as faulty RAM, overheating, or hardware not being properly seated.
Driver Issues: Incompatible or outdated drivers that fail to work correctly with the operating system.
Software Issues: Bugs in the operating system or other critical software components.
Corrupted System Files: Essential files required for the operating system to run properly may be missing or damaged.
Overclocking: Running hardware components at speeds higher than their default settings can lead to instability.

3. Error Codes: The BSoD displays a stop code, which helps diagnose the cause of the crash. These codes can be looked up to understand the specific error.

4. Prevention and Troubleshooting:
Regular Updates: Keeping the operating system and drivers up to date can prevent many causes of BSoD.
Hardware Checks: Regularly checking hardware components for faults and ensuring they are properly installed.
System Scans: Running regular scans for malware and corrupted system files.
Safe Mode: Booting into Safe Mode to troubleshoot and isolate the cause of the crash.

5. Recovery: After a BSoD, the system may automatically restart. Users can also use recovery tools provided by Windows, such as System Restore, to revert the system to a previous state.

The Blue Screen of Death is a critical indicator of serious issues that need immediate attention to prevent further damage and to restore system stability.

(Ed: written by ChatGPT; verified by jrivett.)

Firefox, Google, Things that make me happy

Google Search ‘Classic’

Leave a comment

You may have noticed that Google Search results are getting crappier. The ads are still fairly unobtrusive, but a typical search results page is filled with other junk that is often of no interest at all.

The good news is that Google just enabled a new feature in Search that may remind you of the good old days when search results were less cluttered. It’s called ‘Web search’. No kidding.

Google's new web search feature

To see Web search in action, go to google.com and search for something. Near the top of the search results page, you should see a horizontal menu, starting with ‘All’, ‘Images’, and ‘Videos’. Click the ‘More’ entry, and select ‘Web’.

As you can see, this cleans up the results page significantly.

I like this feature so much that I’ve made it my default search in Firefox. Here’s how to do that:

  1. By default, you can’t add custom search engines to Firefox. To enable that function, enter about:config in Firefox’s address bar and press Enter. You’ll be asked if you’re sure you want to proceed; click ‘Accept the risk’. Then type browser.urlbar.update2.engineAliasRefresh. You should see a small ‘+’ box to the right. Click that.
  2. Click Firefox’s ‘hamburger’ menu button, which looks like three horizontal lines, at the top right. Select ‘Settings’.
  3. Click ‘Search’ in the left sidebar.

    4. Firefox search settings

  4. Scroll down to the ‘Search Shortcuts’ list. At the botton of that list, there should be an ‘Add’ button. Click that.
  5. Firefox Add Search dialogIn the small dialog that appears, enter a name for the new search (I call it ‘Google Classic’), the URL https://www.google.com/search?q=%s&udm=14, and then give it a shortcut alias like ‘gc’. Then click ‘Add Engine’.
  6. Scroll up the Settings page until you see ‘Default Search Engine’. Click the drop-down list and select the search engine you just added.

After making these changes, searches you perform in Firefox (by entering search terms in the address bar or search box) should produce ‘Web’ search results.

Resources, Security, Tools

How good is your password?

Leave a comment

There’s a new chart from Hive Systems that you can use to determine how resistant your password is to brute-force cracking.

Password strength chart

Keep in mind that this is a moving target. As processor power increases and new technology arrives, brute-force attacks get faster. So if you have a similar chart published a couple of years ago, it’s likely already out of date. That’s why they included the year at the top of the chart.

It’s easy to use: find the intersection of your password’s length with its character combination.

So, for example, ‘718462’ can be cracked instantly, as can ‘xgts’.

Note that this chart does not show the effect of dictionary attacks, which are typically tried before the brute-force approach. A dictionary attack tries to guess a password based on a list of common passwords.

If your password is in the red or purple areas, you should really think about making it longer and more complex. Longer, more complicated passwords are also more difficult to remember, especially when you use a different password for every site and service (and you really should), but there’s a simple solution to that: use a password database.

I use both Password Corral, which is a free, standalone Windows program, and 1Password, which is not free, but has some useful features.

Given that most of the web-based password managers have been hacked at one time or another, I still recommend using standalone software if possible.

Boot13, Things that are bad, WordPress and other CMS

Automattic sold your site data for years

Leave a comment

If you installed and activated the popular Jetpack plugin on a self-hosted WordPress web site after 2013, and didn’t bother to read the fine print when accepting Jetpack’s Terms of Service, Automattic (the company that makes Jetpack) surreptitiously gathered your site’s data and sold it to social media and data analytics companies.

Jetpack is a free plugin that adds a useful collection of features to WordPress, including social media buttons and sharing, Markdown support, security, backups, anti-spam, stats, and so on. Some of these features have been very useful for the sites I’ve managed over the years.

How was Automattic able to do this?

There’s a somewhat hidden setting that controls whether Jetpack siphons data from your site and sends it to the Automattic mothership. Navigate to the Jetpack Dashboard, scroll to the bottom of the page, and click ‘Modules’. The setting you’re looking for (prior to Jetpack 13.3) is ‘Enhanced Distribution’. It should be named ‘Donate your content to Automattic and allow them to sell it and keep all the proceeds’.

Even if all the more obvious Jetpack features are disabled, if ‘Enhanced Distribution’ is enabled, Jetpack is sending your data to Automattic.

Making matters even worse, Jetpack updates have a nasty habit of re-enabling previously-disabled features or reverting to default settings. Whether this affected ‘Enhanced Distribution’ or not is unclear.

The Firehose

Automattic sold your site data as part of a product called Firehose, which potentially contained all of the original content from your site. Here’s the first paragraph from the Firehose product page:

WordPress publishers and visitors produce thousands of new posts and comments every hour. These content streams are available in three real-time formats from redundant servers. These streams are intended for partners like search engines, artificial intelligence (AI) products and market intelligence providers who would like to ingest a real-time stream of new content from a wide spectrum of publishers.

What does Automattic say about this?

A recent post on the wordpress.org support forum asked about Jetpack Backup & AI. Here’s how Automattic responded:

They will retire Firehose, but…

We have sold our Firehose to social and data analytics companies, and we have also used some distribution partners (like Socialgist) to sell the Firehose to these types of end users.

The release notes for Jetpack 13.3 (2024-April-03) shows this: “Enhanced Distribution: begin deprecation process as the Firehose is winding down.” The only obvious difference is that ‘Enhanced Distribution’ is no longer listed on Jetpack’s Modules page. Hopefully that means the option is now also disabled for all sites, not just further hidden.

They never sold to AI companies and don’t plan to

Neither we or our distribution partners sell the Firehose to any companies that are training LLMs or to any generative AI companies.

Enhanced distribution is a feature that was released in 2013 with the purpose of driving traffic by giving blogs additional readership in the WordPress.com Reader. Content from those sites were gathered with approval by accepting the terms of service. Our partners were social and data analytics companies.

Automattic also published an article titled ‘Protecting User Choice’, a response to concerns about selling data to AI companies.

Okay, but…

If you were about to point out that posting anything on a public-facing web site makes it available for anyone to use: okay, sure, but Automattic SOLD the data they gathered. I never expected to make any money from this site, but that doesn’t mean I’m happy about anyone else making money from it.

Recommendations

Stop using Jetpack. Automattic has done, is doing, and will in all likelihood continue to do some shady things. I regret ignoring the advice I received years ago to stop using Jetpack, and can only hope that any damage caused to clients due to my recommendation and use of Jetpack is minimal.

If you can’t avoid using Jetpack, please disable the ‘Enhanced Distribution’ module. Unfortunately, if you’re using version 13.3, it’s not clear how this can be accomplished.

Most of the features provided by Jetpack can be found in other free plugins. Switching to alternatives for the functions you actually need has the additional advantage of eliminating the overhead of what is now quite a bulky Jetpack.

Here are a few alternatives to Jetpack for specific functionality:

And there are many more possibilities. Jetpack certainly was a handy and simple way to add a lot of useful functionality to WordPress. But Automattic has demonstrated that they are willing to sneakily sell your site data, and I just can’t trust them anymore.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.